Lecture 21

Computer Security Ethics

Before we start…
• Being ethical is not necessarily following one’s feelings;
“feelings frequently deviate from what is ethical“
• Often because of the way one is raised, ethics and religion are
coupled; but ethics is not confined to religion nor is the same as
religion
• Being ethical is not solely following the law.

Elements of practical ethics through basic philosophy:

 Ethical thought
 Ethical definition
 Ethical values

Example: “If a person conceives of engineering activity as only making

money, then one's definition of practical ethics, one's actions and
values will, be guided by this basic philosophical position. “
Security in:
• Client / Workstation / Terminal
• Intra-networks
• Inter-networks

In terms of:
• Physical Security
• Non-Physical Security
Security Threats (sources, causes, people behind) :
– Hackers
– Crackers
– Script Kiddies
– Unethical Employees (logic bombs, backdoor,…)
– Cyberterrorists
– Corporate Spy
– Worm / Virus / Trojan (incl. keyloggers,…)
– Spoofing / Sniffing / Phishing
– DoS / DDoS attacks
– Hoax / Spam
– ...
Examples:
Example of Phishing:
Hackers’ Code of Ethics:

Hacker creed (Steven Levy’s “Hackers: Heroes of

Computer Revolution” - 1984 ):

• Access to computers should be unlimited and total.

• Always yield to the Hands-On Imperative
• All information should be free.
• Mistrust authority -- promote decentralization.
• Hackers should be judged by their hacking.
• You can create art and beauty on a computer.
• Computers can change your life for the better.
New Code of Ethics (90s) - Steven Mizrach :
• "Above all else, do no harm"
• Protect Privacy
• "Waste not, want not."
• Exceed Limitations
• The Communicational Imperative
• Leave No Traces
• Share!
• Self Defense
• Hacking Helps Security
• Trust, but Test!

In Short : 1) protect data and hardware 2) respect and protect privacy 3)

utilize what is being wasted by others 4) exceed unnecessary restrictions
5) promote peoples' right to communicate 6) leave no traces 7) share
data and software 8) be vigilant against cyber-tyranny and 9) test
security and system integrity of computer systems.
New(er) Hacker Ethics:
• Hackers share and are willing to teach their knowledge.
• Hackers are skilled. Many are self-taught, or learn by interacting
with other hackers.
• Hackers seek knowledge. This knowledge may come from
unauthorized or unusual sources, and is often hidden.

• Hackers like to understand how things work, and want to make their
own improvements or modifications.

• Hackers often disagree with authority, including parents, employers,

social customs and laws. They often seek to get around authority
they disagree with.

• Hackers disagree with each other. Different hackers have different

values, and come from all backgrounds. This means that what one
hacker is opposed to might be embraced by another.
New(er) Hacker Ethics:
• Hackers are persistent, and are willing to devote hours, days and years to
pursuing their individual passions.

• This Code is not to prescribe how hackers act. Instead, it is to help us to

recognize our own diversity and identity.

• Every hacker must make his or her own decisions about what is right or
wrong, and some might do things they believe are illegal, amoral or anti-
social.

• Hackers' motivations are their own, and there is no reason for all hackers
to agree.
• Hackers have a shared identity, however, and many shared interests.

• By reading this Code, hackers can recognize themselves and each other,
and understand better the group they are a part of.
Hackers’ Code of Ethics:

• Old code vs new code

• Are new hackers aware of the original hacker
ethics?
• Are new hackers aware of any hacker ethics?
• Influence of technology and social issues on
changes in hacker ethics
• Similarity between the old and new ethics and
ethical continuity